-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 16 Jan 2020 16:00:52 +0000 Source: xtrlock Binary: xtrlock Architecture: source Version: 2.8+deb9u1 Distribution: stretch Urgency: high Maintainer: Matthew Vernon <matthew@debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: xtrlock - Minimal X display lock program Closes: 830726 Changes: xtrlock (2.8+deb9u1) stretch; urgency=high . * CVE-2016-10894: Attempt to grab multitouch devices which are not intercepted via XGrabPointer. . xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called "multitouch" events such as pan scrolling, "pinch and zoom", or even being able to provide regular mouse clicks by depressing the touchpad once and then clicking with a secondary finger. . This fix does not the situation where Eve plugs in a multitouch device *after* the screen has been locked. For more information on this angle, please see <https://bugs.debian.org/830726#115>. (Closes: #830726) Checksums-Sha1: 3868359c01d305263ab4a2d75a3b782a18947bcc 1457 xtrlock_2.8+deb9u1.dsc e3a12ff00c5e7b01ab5d093eafa1e26defb24f0b 21823 xtrlock_2.8+deb9u1.tar.gz 28f7890c85279f310c5256e3174e4760aba36072 5503 xtrlock_2.8+deb9u1_amd64.buildinfo Checksums-Sha256: 0c165522c0f09e3ca44ccd26e1bc24ae6496aee76c4ae1216805b8127a4e3387 1457 xtrlock_2.8+deb9u1.dsc 33c26b5c1e345c6840e54f636316fa43de230872dce235f48cc81e1ceaae5bbe 21823 xtrlock_2.8+deb9u1.tar.gz d874d380feb66b97c89e42553a149a2d17e6e58643f05094af8d2b4b19e9ec56 5503 xtrlock_2.8+deb9u1_amd64.buildinfo Files: d4f93d24d9d9194396c39cfa3b499d67 1457 x11 optional xtrlock_2.8+deb9u1.dsc 8949706713aef3b3e1c23ed194ff2510 21823 x11 optional xtrlock_2.8+deb9u1.tar.gz 0bd7a99543e9251a7a824d24305b032b 5503 x11 optional xtrlock_2.8+deb9u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5hU9cACgkQHpU+J9Qx HlhopA//UQXxNs6P7ZBECuA/RB9Y+zv+onobiNl1a65gMFA1YR9BNp8EbuXnIXGe DtaPV3GcFi0qKotx2KJUOYvixiQAMpB7qTwXyOZAcPbd9QyLzHH1OkXRQZPWOckw caKeew69XbxbUyc9nJN49LFgtmp2sVL7v3IZV2xe6az4O5f5nJDGtKnWEo3K2Xzx Jpgbi5/K+xwIutOJjgUDgKM0PMbBUbgqLvW4m1JVuwaQeeXhrFzqYfp3iOAPv7iM stIZiPSBpZyImmEgPnRUMAQFRHUZFTA93zivnevve3DaQcZ6Twz+XyaVWBF2tGiL yeJNnRuLWJaMKit75WveCOUxZcmkKr0m8WaUBg/ysSm7VZ54/pbH2A2Kp9/TO+KX pd0Ud+KprgJ1R3BDYL6B1OMf9LC/1Jwj5E9CGZSclC0lhO8xl6niR+Mh4q9yJAaF 1oEveB5FJdd5fuQ3M6eCE8XXopjl6zgaDgzERHeDIgcUy63sznb2Ew4BY56hHF3q eVzubh9U88qgav6NQl8A8zMX5GNP55TZqlQ8WoQTyb6vq+T/VvPy1QBDdPyhZGSX u+mCc4DDwcyL0jbynvnHNwpeN+JUGXaNXJvCzA9IlISV+aZCdoXs7esWyo7lbQzq ilpiEtj+T4lJYxPDx9EjpgJ9xYI09NgVcnnJkINm8nJgYabQ5qU= =kBvR -----END PGP SIGNATURE-----
